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Privacy Management of Personal Data 

"Field of the Invention 
5 The present invention relates to privacy management of personal data. 

As used herein, the term "personal data" is intended to include data such as identity data 
and profile data (for example, preference data and financial data) of a party to which the 
data relates, whether that party is a natural or legal party. Furtheimore, references to the 
10 "owner" of the personal data means the party responsible for its disclosure, whether the 
party is the subject of the data or a proxy for that party. 

Background of the Invention 

Digital identities and profiles of parties are becoming more and more relevant for enabling 
15 Internet transactions and interactions among citizens, service providers, enterprises and 
government institutions. For example, in an e-commerce scenario, a person initially 
provides their digital identity and profile information to an e-commerce site in order to 
access their services. After the user logs in and interacts with these services: it might 
happen mat interaction with other web sites or organisations is needed to carry out a 
20 service. The usermightbe conscious of this or this might take place behind the scene, for 
example due to feet that the e-commerce site interacts with partners and suppliers. The e- 
commeice sites may or may not have prior agreements with these third parties or may or 
may not belong to the same web of trust, 

25 In general users have little understanding or knowledge of the privacy laws and legislation 
that regulate the management of their information. The privacy and data protection laws 
that regulate this area are hard to enforce or monitor, especially when private informationis 
spread across organisations and national' boundaries. People perceive and address the 
related security and privacy issues in different ways, ranging from completely ignoring 

30 them (and indiscriminately disclosing their personal data), to being so concerned as to 
refrain from using any Internet applications. It is also frequently the case that users do not 
bother to read long lists of terms and conditions concerning privacy and confidentiality 
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because they cannot understand them or do not have the time to do so. Thus, whilst users 
are often asked to grant authority to web sites to electronically manage their information, 
in many cases the user doesn't consider the implications of such a request and simply 
chooses the easiest way forward to obtaining the service they want 

5 

Little has been done so far to allow the explicit management and enforcement of privacy 
policies by directly involving users (or entities acting on their behalf) especially in a 
context of multiparty interactions. Users have a lack of control over their personal 
information, especially after its initial disclosure. In addition, third parties (such as 
10 delegates, e-commerce sites or enterprises) have lack of control over the confidential 
information they manage on behalf of their customers, in particular when they disclose it to 
external entities,, during transactions or interactions. 

Privacy management solutions can play a key role in protecting identities and profiles, 
1 5 enforcing good management practices and helping to detect criminal activities and support 
forensic analysis- However, for such solution to succeed, they need to simplify users 3 
experience so that people can feel they are in control of their personal data and that this 
data is managed in an accountable way. If people are not willing to be involved in the 
active protection and management of their digital assets, trusted third parties could do this 
20 on their behalf and could provide people with easy-to-use tools to monitor and keep the 
situation under control. 

Mechanisms such as proposed by W3C allow users to define simple privacy policies but 
this is only meaningful for point-to-point interactions (see: 'The Platform for privacy 
25 preferences L0 specification (P3P 1.0)/* http://www.w3.org/tr/p3n - W3C Proposed 
Recommendation - 2002) 

Solutions based on federated identity management have also been implements (such as 
Microsoft Passport) but, at least currently, rely on a closed web of trust Identity providers 
30 must be part of trusted clubs and be compliant with predefined privacy policies. This 
approach limits scalability and flexibility of the allowed interactions and transactions. 
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A more finegrained control over the privacy of personal data has been described in the 
papers: 

- G. karjoth, M. Hunter - A Privacy Policy Model for Enterprises, IBM Research, 
Zurich - 15 th IEEE Computer Foundations Workshop - June 2002 
5 - G. karjofh, M. Scmmter, M. Waidner - Platform for Enterprise Privacy Practices: 
Privacy-enabled Management of Customer Data - 2nd Workshop on Privacy 
' Enhancing Technologies, Lecture Notes in Computer Science, Springer Veriang - 
2002 

In the first of these papers the authors define a privacy control language that includes user 
10 consent, obligations and distributed administration. In Hie second paper, the authors 
describe a platform for enterprise privacy practices (E-P3P) and introduce tbe "sticky 
policy" paradigm and mechanisms for enterprise privacy enforcement. Sticky policies axe 
policies that arc strictly associated with a user's data and drive access control decisions and 
privacy enforcement. The papers do not, however, describe how the strong associations 
15 between policies and confidential data are enforced, especially across enterprise 
boundaries. Usere still need to trust the enterprise when disclosing their data. Leakage of 
personal and confidential information might happen, despite data protection laws and 
privacy policies, because of lack of security, dishonesty of some of the involved 
intermediaries and the complexity of the overall systems. 

20 

Furthermore, many of the current privacy mechanisms introduce an overhead in terms of 
usage of digital certificates at the user site (where data is encrypted) and complexity when 
dealing with dynamic metadata (policies) associated with the encrypted data 

25 It is an object of the present invention to provide an improved way of effecting privacy 
management for personal data- 

The present invention is in part based on the appreciation that Identity-Based Encryption 
(IBE) has certain properties than can be adapted for use in privacy management. 



30 



Identity-Based Encryption (IBE) is an emerging cryptographic schema. In mis schema (see 
Figure 1 of the accompanying drawings), a data provider 1 0 encrypts payload data 13 using 



4 

an encryption key string 14 and public data J 5 provided by a trusted authorityl2; the data 
provider 10 then provides the encrypted payioad data to a recipient 13 who decrypts it 
using a decryption key 16 provided by the trust authority together with the latter* 5 public 
data. The trusted authority's public data is derived by the authority from private data 17 
5 using a one-way function 1 8. Important features of the IBE schema are that any kind of 
string (including a nirue, a role, etc.) can be used as an encryption key string 1 4, and that 
the generation of the decryption key 1 6 is effected by the trust authority (process 1 9) using 
the encryption key string 14 and its private data 17, enabling the generation of the 
decryption key 16 to be postponed until needed for decryption. 

10 

A number of IBE algorithms are known, one of which is the "Quadratic Residuosity" (QR) 
method described in the paper: "An Identity Based Encryptions^ 
Residues". C. Cocks Communications-Electronics Security Group (CESG), UK, 
http://www.cesg.gov,uM - 200 1 . A brief description of 

1 5 this form of IBE is given below. 

In the QR method, the trust authority' s public data 1 5 comprises a value N that is a product 
of two random prime numbers p and q, where the values of p and q are the private data 1 7 
of the trust authority 12. The vahies of p and q should ideally be in the range of 2 511 and 
20 2 512 and should both satisfy the equation: p,q = 3mod 4 . However, p and q must not have 
the same value. Also provided is a hash function # which when applied to a string returns 
a value in the range 0 to N-l. 

Each bit m of the user's payioad data 13 is then encrypted as follows; 
25 - The data provider 10 generates random numbers f + (where f + is an integer in the 
range [0, 2*]) until a value of t+ is found that satisfies the equation jacobi(U,N) =m, 
where m has a value of-1 or 1 depending on whether the corresponding bit of the 
user's data is 0 or 1 respectively. (As is well known, the jacobi function is such that 
where x 2 =#modAT the jacobi (#, N) = -1 if x does not exist, and - 1 if x does 
30 exist). The data provider 10 then computes the value: 

&4-= (U+U(encryption_keystringy U)modN 
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where st corresponds to the encrypted value of the bit m concerned. 

- Since #(encxvpticmj^ystring) may be non-square, the data provider additionally 
generates additional random numbers f_ (integers in the range [0, 2*)) until one is 
5 found that satisfies the equation jacobi(t_,N>* m . The date provider 10 then 

computes the value: 

s _ = (t_-n(encryption_keystring)/ f_)motW 
as the encrypted vahie of the bit m concemed. 

10 The encrypted values s + and s. for eachbitm of the user's data are then made available to 
the intended recipient 11, for example via e-mail or by being placed in a electronic public 
area; the identity of the trust authority 12 and the encryption key string 14 will generally 
also be made available in the same way. 

15 The encryptionkey string 14 is passed to the trust authority 12 by any suitable means; for 
example, the recipient 1 1 may pass it to the trust authority or some other route is used - 
indeed, the trust authority may have initially provided the decryption key string. The trust 
authority 12 determines the associated private key B by solving the equation : 
B 2 = #(enctyption_keystring)TnodN ^positive" solution) 

20 If a value of B does not exist, then there is a value of B that is satisfied by the equation: 
& = -§{encryptionJceystring)mo<iN ("negative" solution) 

AsNtsaproduct of two prime numbers p,q it would be extiemely difficult for any one to 
calculate the decryption key B with only knowledge of the encryption key string and N. 
However, as the trust authority 12 lias knowledge of p and q (Le. two prime numbers) it is 

25 relatively straightforward for the trust authority 12 to calculate B- 

Any change to the encryption key string 1 4 will result in a decryption key 1 6 that will not 
decrypt the payloaddatal3 correctly. Therefore, the intended recipient 11 cannot alterthe 
encryption key string before supplying it to the trust authority 12. 

30 
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The trust authority 12 sends the decryption key to the data recipient 1 1 along with an 
indication of whether this is (he ''positive" oi '"negative" solution fox B. 

If the "positive" solution for the decryption key has been provided, the recipient 1 1 can 
5 now recover each bit m of the payload data 13 using: 
m = jacobiCs++2BJJ) 

If the ^negative* solution for the decryption key B has been provided, the recipient 11 
recovers each bit in using: 

m — jacobi(s-+2B,N) 

10 

Other IBE algorithms are known such as the use of Weil or Tate pairings - see, for 
example: D. Boneh, M. Franklin - Identity-based Encryption from the Weil Pairing. 
Crypto 2001 -2001 

15 

S-pmmaTy of the Invention 

In general terms, the present ioverition involves using a privacy policy as an IBE 
encryption key for the personal data to which it relates thereby tightly associating the 
poKcy and data and reqitiring the policy to be disclosed, unaltered, to the trust authority 
20 who has the ability to provide the decryption key. The trust authority then has the 
responsibility of ensuring that the policy conditions have been satisfied before it releases 
the decryption key. No secret needs to be generated and exchanged between users and the 
receivers of confidential information, 

25 More particularly, according to one aspect of the present invention, there is provided a 
privacy management method, comprising: 

first operations, effected by the owner of personal data, comprising encrypting the personal 
data and providing the encrypted data to a recipient, the encryption process using both: 

- an encryption key formed by policy data indicative of conditions to be satisfied 
30 before access is given to said personal data; and 

- public data provided by a trusted party and derived thereby from private data; 
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second operations, effected by the trusted party, comprising using the encryption key and 
said private data to determine a decryption key for decrypting the encrypted data, and 
providing this decryption key to said recipient only after the policy conditions have 
been satisfied in respect of said recipient. 

5 

The conditions to be satisfied may relate to the authenticity of the recipient, the security 
xating of the computing platform usedby therecipient, a "use-before" date for thepolicy or 
data, etc; a condition may also be that the trusted party communicate with the owner of the 
personal data either by way of a simple notification or to get permission to deliver the 
10 decryption key. 

The trusted party preferably keeps an audit record of each decryption key it delivers and 
each failed request for a key. 

15 According to another aspect of the present invention, there is provided a privacy 
management system comprising first second and third computing entities, wherem: 
. to computing entity comprises: a data store holding personal data; an encryption 
unit for encrypting the personal data using both an encryption key formed by policy 
dataindicativeof conditions to be satisfied before access is given to said personal data, 
20 and public data provided by the second computing entity, and a communications 
interface for providing the encrypted data to the third computing entity, 
- the second computing entity comprises a data store holding private data; a 
communications interface for receiving the encryption key and for providing a 
corresponding decryption key to the third computing entity, a decryption-key 
25 determination unit for using the private data and the received encryption key to 
determine the corresponding decryption key for decrypting the encrypted data; and a 
condition-checking arrangement for ensuring that the decryption key is only provided 
to the third computing entity after the conditions in said policy data have been satisfied 
in respect of the third computing entity. 



30 



According to a further aspect of the present invention, there is provided a computing entity 
arranged to act as a trusted party, the computing entity comprising: 
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a data store holding private data; 

a communications interface for receiving an encryption key and for outputting a 
corresponding decryption key to a requesting entity; the encryption key being formed 
by policy data indicative of conditions to be satisfied before access is given to data 
encrypted with the key; 

a decryption-key d ele* init ia ti on unit for using the private data and a received 
encryption key to determine a corresponding decryption key for decrypting data 
encrypted using the encryption key and public data derived from said private data; 
and 

a condition-checking arrangement for enabling output of the decryption key via the 
communications interface only upon the conditions m said policy data being satisfied 
in respect of the requesting entity. 

Brief Description of the Drawings 
15 Embodiments of the invention will now be described, by way of non-limiting example, 
with reference to the accompanying diagrammatic drawings, in which: 
. Figure 1 is a diagram illustrating the operation of a prior art encryption schema 

known as Identity-Based Encryption; 
. Figure 2 is a diagram of an embodiment of the present invention 
20 . Figure 3 shows an XMl^fbrmat message comprising a privacy policy and data 
encrypted using the policy as the encryption key according to the IBE 
schema. 

Best Mode of Carrying Out the Invention 

25 Figure 2 illustrates a privacy management system in which a data-owner computing entity 
20 is arranged to encrypt personal data and send it to a data-recipient computing entity 30 
which then requests a decryption key ftwi a trust authority computing entity 40 and, on 
receipt of the key, decrypts and uses the personal data. The computing entities 20,30 and 
40 inter-communicate, for example, via the internet or other computer nstwoik though it is 

30 also possible that two or all three entities actually reside on the same computing platfom. 



5 
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The system employs Identity-Based Encryption with the computing entities 20, 30 and 40 
having the roles of the dataprovider 10, data recipient 1 1 and trusted authority 12 of the 
Figure 1 TEE arrangement. The 1BE algorithm used is, for example, the OR algorithm 
described above withrespectto Figure 1. The encryption key used to eacrypt the personal 

5 data is a privacy / disclosure policy setting out conditions that must be satisfied before 
access is given to the personal data. This policy is sent with the personal data in a data 
package 25 to the data recipient entity 30 (see arrow 50) which forwards the policy to the 
trust authority entity 40 with ite request for a decryption key (see arrow 51). The trust 
authority entity 40 is then responsible for ensuringthat all the conditions ofthe policy have 

10 been metbeforc it applies the decryption key to the recipient entity 30 (see arrow 53). One 
possible condition involves the trust authority entity 40 communicating with the owner 
entity 20 (see arrow 52) either simply to notify the latter or to obtain authorisation to 
proceed with the provision ofmedecryptionkeyto the recipient entity 30. Advantageously, 
the trust authority entity keeps an auditable record of its interactions with the recipient 

15 entity. The trust authority entity will typically serve multiple data recipient entities in 
respect of data from multiple data owner entities. 

More particularly,lhe data-owner 20 entity comprises a data store 21 forholdmg personal 
data and related disclosure policies, a browser 22 providing a user interface for managing 

20 interaction with the recipient entity 30, and a communications module 24 for 
communicating with the other entities 30, 40. The browser 22 has a plug-in 23 that 
provides thelBEfunctionaHtyneededbythe entity 20, this plug-in 22 being provided, for 
example, by the trust authority entity 40. Where the QR IBE method is being used, tfte 
plug-in thus contains thepublicdataN and the hash function #tog e therwithprogramcode 

25 for encrypting data using N and an encryption key string formed by the disclosure policy 
relevant to the data concerned. 

Preferably, the personal data is divided into multiple components each with its own 
disclosure policy whereby different conditions can be set on different items of personal 
30 data. The data package 25 out by the entity 20 may include one or more personal-data 
components and their related policies- 
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With respect to the or each policy, such a policy can include conditions relating to: 

- the strength of cryptographic methods to be employed in authenticating the identity of 
recipient before the decryption key is provided to the latter. 

- the expiry date of the policy or of the personal data, the trusted authority being 
5 arranged not to the decryption key when the expiry date has passed. 

- a security parameter of a computing platform being used by the recipient 

- an action to be performed by the trust authority entity such as communicating with the 
owner, the trusted party effecting this communication before providing the decryption 
key to said recipient 

10 Other types of condition are also possible. 

The policies canbe expressed in any suitable language, for example XML. Figure 3 shows 
an example data package 25 in XML format for one data component (attribute 1 ); as can be 
seen the package comprises a pohcy section 26 and an encrypted data section 27 (the 
15 dashed lines simply being included to delimit these sections for the purpose of clarity). 

The policy illustrated in the policy section 26 of the Figure 3 data package 25 comprises: 

• An encrypted "identifier" of owner (see "owner details" tag). This can be any 
information, including the owner's e-mail address, URL, etc. In this example, a 

20 "reference name" (a pseudonym, for example) has been used as an IBE encryption 

key to encrypt this information. Only the competent trust authority entity 40 will 
be able to retrieve the owner's identifier (and use it for example, to notify the 
owner of a disclosure or ask for an authorization)- 

• The name of the attached confidential attribute (see "target" tag); 

25 - An expiration date for the policy or associated attribute data (see '"Validity" tag): 
after this date the trust authority entity 40 is required not to issue the decryption 
key; 

• Policy conditions divided into constraints and actions: the constrains require the 
recipient entity 30 to strongly authenticate itself to the trust authority entity 40, 
30 and specify the usage of the attribute. The action condition requires the trust 

authority entity to notify the user of a disclosure. 
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Any kind of condition can be added, as long as the trust authority and the recipient entity 
can understand its semantic. The format adopted for the policy in fe fonn included in the 
data package 25 and its form used as the BBE encryption key string need not be the same 
provided the forms used axe known to the entities who have a need to know. 

5 

Ccmsideringnextthedatarecipient entity 30, mis comprises acredentials database 31, an 
IBE decryption module 32, a policy engine 33 and a commutations module for 
communicating with the entities 20 and 30. On receipt of the data package 25, the policy 
engine 33 programmatically interprets me associated disclosure policies in order to 
10 determine what information (including authentication credentials, bufdness related 
information, company/individual policy related to data disclosure, usage and storage, 
software state, platform configuration etc.) it will need to provide to the trust authority 
entity 40. Thepolicy engine 33 is then responsible for sending to the aitity40, in respect of 
each encrypted personal-data component, a request for the decryption key, this request 

15 bemgacconnramedbyme^ 

required from it to satisfy the conditions in the policy. 

The receiving entity is thus explicitly aware of the conditions put on access to the 
encrypted data. 

20 

The trust authority entity 40 comprises a data store 41 , a decryption key generation module 
42, a policy engine 43 (different in functionality to that of the entity 30), an audit data 
module 44, and a communications module 44 for communicating with entities 20 and 30. 
On receiving a request for a decryption key from the entity 30, the policy engine 43 of the 
25 trust authority programmatically interprets the conditions in the associated policy and 
determines whemer me information provided 

conditions in the policy that are satisfiable by the entity 30. The policy engine 43 may 
detenmneumtmemformationgivenisin^ 

for farther information. Certain conditions in the policy may notiely on information from 
30 the entity 30 to be satisfied; one such condition is an action condition requiring the entity 
40 to notify the data-owner entity 20 or to seek its explicit authorisation for release of the 
decryption key concerned* 
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If and when the policy engine 43 is satisfied that all policy conditions have been met, it 
causes the key generation module 42 to generate the required decryption key from the 
policy (acting as the corresponding encryption key) and the private data (the value N in the 
5 case of the QR IBE method) securely stored in store 41 . The decryption key is then sent 
back to the entity 30. However, if one or more of the policy conditions is not satisfied, the 
entity 40 notifies the entity 30 accordingly and does not generate or output the requested 
decryption key, 

10 It will be appreciated that rather than the entity 30 providing the information required for 
satisfaction of policy conditions in the decryption-key request, this information can be 
requested by the entity 40 as required to satisfy each condition as it is inspected by the 
policy engine 43. Furthermore, the decryption key can be generated at the same time as, or 
even before, the policy conditions are checked; in this case 3 the decryption key is not, 

15 however, released until the conditions are all found to be satisfied. 

Whether or not a decryption-key request is successful, the audit data module 45 generates 
an audit record 47 comprising the identities of the entities 20 and 30, the personalniata 
component concerned and the information used to satisfy - or failing tq satisfy - each 
20 policy condition. This audit record 46 is stored in store 41 to provide an audit trail 
regarding the disclosure of personal data and attempted accesses to it; this audit trail era be 
used latter as evidence for future contentions or forensic analysis. 

Thus, if the recipient entity 30 discloses data in a way that is not allowed by the policies, 
25 there is an audit trail at the trust authority entity 40 showing that the entity 30 knew about 
the policy. In case of identity or profile thefts, the audit information can be used to pin 
down a list of potential "offenders" and carry on forensic analysis* Enforcing the tracing 
and auditing of disclosures makes the information recipients more accountable. 

30 The trust authority entity 40 is the most suitable place to implement tracing and auditing 
activities as data recipients 30 need to interact with the trust authority entity 40 to obtain an 
IBE decryption key. 
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It shouldbenoted that once personal datahas been disclosed to a recipient entity 30 andit 
is in dear text (at the recipient site), it can potentially be misused. However, the provision 
of audit information in described system facilitates the identification of the source of any 



abuses. 



To enable amuLtrparty transaction, the recipient entity 30 canoe authorised (for example, 
in apolicy condition) to pass the overall encrypted data or any component of it to a further 
party(orparties)who then must contact the trust authority for me decryption key; again the 
10 decryptionkey is only provided if the relevant policy conditions are satisfied in respect of 
this further party Iapassing on personal data, the recipient entity 30 may decide to further 
encrypt portions of this data by using additional policies. 

Advantageously, one or more of the conditions of a policy can utilise TCPA (Trusted 
15 Computing Platform Architecture) integrity checking mechanisms to check that the 
recipient's platform is a trusted computing platform, that the software state of this 
platform is conformant with the disclosure policies, and mat the platform correctly 
implements defined privacy management mechanisms. TCPA integrity checking 
mechanisms can also be used to allow the trust authority's computing platform to be 
20 checked out by the data owner (to ensure that the trust authority will operate as expected) 
and/or by the recipient of the data (to help the recipient decide whether the trust authority 
can be trusted with the information mat the recipient needs to provide in order for me 
decryptionkey to be issued). Trusted Operating Systems (OSs) can also be used to increase 
security and trust, for example by storage of sensitive hifbrmatio^ 
25 needs to disclose to the trust authority wfthin one or more separate compartments. 

Rather than the trust authority being separate from the data owner^mepersonal-data owner 
entity 20 can be arranged to run trust authority services itself in order to have first hand 
understanding of what happens to its inforrmation and make ultimate decisions about 
30 release of decryption keys. In this case, the personal-data owners can directly use a TCPA 
integrity challenge to check that the computing platform of the recipient has not been 
corrupted, before proceeding with the data disclosure. (It may be noted that where the 
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owner entity and trust authority entity are combined, the so-called ^public" data of the trust 
authority may not, in practice, be published outside of the combined entity; however, the 
term "private" is still apt to distinguish die data concerned from the private data, of the trust 
authority). 

5 

The data-owner entity 20 can decide to use multiple trust authorities, for example because 
one is competent to check platform security and another might be competent in another 
area. In this case, the owner entity can encrypt its data using a disclosure policy that 
specifies that it is necessary to use two (or more) sub keys in order tp decrypt the data, and 
1 0 each of the trust authorities would provide one of these keys. Trust authority entities are 
distinguished from each other at least by the private data they hold. 

It will be appreciated thai many other variants are possible to the above described 
embodiments of the invention. For example, the recipient entity 30 may choose to cache a 
15 received decryption key to decrypt the data package 25 at a later date. Furthermore, in 
order to prevent the use of a decryption key in respect of more than one output of personal 
data by the entity 20, a nonce, i_e_ a random number, can be incoxporated into the policy at 
each transmission. This ensures that the encryption key is unique thereby ensuring that the 
corresponding decryption key will also be unique. 

20 

It will be appreciated that the above-described privacy management system can be used in 
any area of application including e- commerce, financial, government and enterprise areas. 
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CLAIMS 

1 . A privacy management method, comprising: 
5 firstoperations, effected by the owner of personal data, comprising encrypting the personal 
data and providing the encrypted data to a recipient, the encryption process using both: 

- an encryption key formed by policy data indicative of conditions to be satisfied 
before access is given to said personal data; and 

- public data provided by a trusted party and derived thereby from private data; 

10 second operations, effected by the trusted party, comprising using the encryption key and 
said private data to determine a decryption key for decrypting the encrypted data, and 
providing this decryption key to said recipient only after the policy conditions have 
been satisfied in respect of said recipient. 

15 2. A method according to claim 1 , wherein the first operations further comprise providing 
the encryption key to said recipient along with the encrypted data; the method further 
comprising intermediate operations in which the recipient provides the trusted party with 
the encryption key and requests the decryption key. 

20 3. A method according to claim 1 or claim 2, wherein the first operations further comprise 
providing details of the trusted party to said recipient along with the encrypted data. 

4. A method according to any one of claims 1 to 3, further comprising said recipient 
sending on the encrypted personal data to a further party, and the trusted party providing 
25 the decryption key to that further party only after said conditions have been satisfied in 
respect of that further party. 

A method according to claim 1, wherein in said first operations multiple items of 
personal data are encrypted each using said public data and a respective encryption key 
30 formed by respective policy data; the encrypted multiple items being provided to said 
recipient; and whereinin the second operations the trusted party determines the decryption 
key for at least one encrypted item using the corresponding encryption key and said private 
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data, the or each determined decryption key only being provided to said recipient after the 
conditions in the corresponding policy data have been satisfied. 

6. A method according to claim 5, further comprising said recipient sending on a selected 
5 subset of said multiple encrypted items of personal data to a further party; and the trusted 
party providing to thai further party a decryption key for an encrypted item provided to that 
party., only after die conditions in the corresponding policy data have been satisfied in 
respect of said further party- 

10 7- A method according to claim 1, wherein the trusted party makes an audit record of each 
provision of a decryption key by the trusted party, 

8. A method according to claim 7, wherein said audit record further comprises information 
about when a decryption key is not provided because a related policy condition has not 
15 been satis fied, this information including information about the condition failure. 

9. A method according to claim I, wherein the first and second operations are repeated 
multiple times for the same or different personal data owned by the same or different 

personal-data owners and provided to the same or different recipients. 

20 

10. A method according to claim 9, wherein the trusted party makes an audit record of 
each provision of a decryption key by the trusted party. 

11. A method according to cLaim 10 ? wherein said audit record comprises the identity of 
25 the personal data, personal-data owner and recipient concerned. 

12. A method according to claim 10 or claim 11, wherein said audit record further 
comprises information about when a decryption key is not provided because a related 
policy condition has not been satisfied, this information including information about the 

30 condition failure. 
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13. A method accoxdingto claim 1 , herein a said policy condition relates to the strength 
of cryptographic methods to be employed in authenticating the identity of the recipient 
before the decryption key is provided to the latter. 

5 14. A method according to claim 1, wherein a said policy condition relates to the exphy 
date ofthe policy or of the personal data, the trusted party not providtog the deciTption key 
when the expiry date has passed. 

15. Amethod according to claim 1, wherein a said policy condition relates to a security 
1 0 parameter of a computing platform being used by the recipient 

16. A method according to claim 1. wherein a said policy condition relates to the trusted 
party communicating with the owner, the trusted party effecting this communication before 
providing the decryption key to said recipient 

15 

17. Amethod according to claim 16, wherein the condition is that the trusted party obtain 
consent from the owner before providing the decryption key to said recipient 

18. Amethod accordingto claim 16, wherein contact details forthe owner are contained in 
20 policy data in encrypted form, the contact details being encrypted using said public data of 

the trusted party and an encryption key formed by a data element also included in the 
policy data whereby the trusted party can form the corresponding decryption key and 
decrypt the encrypted contact details. 

25 19. A method according to claim 1, wherein the owner ofthe personal dataalso serves as 
the trusted party. 

20. A method according to claim 1, wherein said owner is acting as a proxy for a party to 
whom the personal data relates. 



30 



21 . A method according to claim 1 , wherein in the second operations the decryption key is 
not determined until after said conditions have been satisfied 
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22. A privacy management system comprising first second and third computing entities, 
wherein: 

- tihie first computing entity comprises: a data store holding personal data; an encryption 
5 unit for encrypting the personal data using both an encryption key formed "by policy 

data indicative of conditions to be satisfied before access is given to said personal data, 
and public data provided by the second computing entity; and a communications 
interface for providing the encrypted data to the third computing entity; 

- the second computing entity comprises a data store holding private data; a 
10 communications interface for receiving the encryption key and for providing a 

corresponding decryption key to the third computing entity; a decryption-key 
determination unit for using the private data and the received encryption key to 
determine the corresponding decryption key for decrypting the encrypted data; and a 
condition-checking arrangement for ensuring that the decryption key is only provided 
15 to the third computing entity after the conditions in said policy data have been satisfied 
in respect of the third computing entity, 

23. A system according to claim 22, wherein the first computing entity is arranged to 
provide the encryption key to the third computing entity along with the encrypted data; the 

20 third computing entity being arranged to request the decryption key from the second 
computing entity and provide it with the encryption key. 

24. A system according to claim 22 3 further comprising a fourth computing entity, the 
third computing entity being arranged to send on the encrypted personal data to the fourth 

25 computing entity, and the second computing entity being arranged to provide the 
decryption key to the fourth computing entity only after said conditions have been satisfied 
in respect of that fourth computing entity. 

25. A system according to claim 22„ wherein the second computing entity is arranged to 
30 make an audit record of each provision of the decryption key by the second computing 

entity. 
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26. A system according to claim 25, wherein the second computing entity is arranged to 
include in the audit record, information about when a decryption key is not provided 
because a related policy condition has not been satisfied, this information including 
information about the condition failure. 

27. A system according to claim 1. further comprising multiple first and third computing 
entities, the second computing entity being arranged to provide decryption keys for the 
third computing entities hi respect of personal data encrypted by the first computing 
entities provided the corresponding policy conditions have been satisfied in each case. 

29. A system according to claim 27, wherein the second computing entity is arranged to 
make an audit record of each provision of a decryption key by the second computing 
entity.. 

15 30. A system according to claim 29, wherein said audit record comprises the identity of 
the first and third computing entities concerned with each provision of a decryption key. 

31. A system according to claim 29 or claim 30, wherein the second computing entity is 
arranged to include in the audit record, information about when a decryption key is not 

20 provided because a related policy condition bas not been satisfied, this information 
mcluding information about the condition failure. 

32. A system according to claim 22, wherein a said policy condition relates to the second 
computing entity communicating with the first computing, the second computing entity 

25 being arranged to effect this communication before providing the decryption key to said 
third computing entity. 

33. A system according to claim 32, wherein the condition is that the second computing 
entity obtain consent from the first computing entity before providing the decryptionkeyto 

30 the third computing entity. 
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34. A system according to claim 32, wherein contact details of the first computing entity 
are included in said policy data m encrypted form, the contact details being encrypted using 
said public data and an encryption key formed by a data element also included in the 
policy data whereby the second computing entity can form the corresponding decryption 
5 key and decrypt the encrypted contact details. 

35* A system according to claim 22, wherein the first and second computing entities are 
combined. 

10 36. A computing entity arranged to act as a trusted party, the computing entity comprising: 
a data store holding private data; 

a communications interface for receiving an encryption key and for outputting a 
corresponding decryption key to a requesting entity; the encryptionkey being formed 
by policy data indicative of conditions to be satisfied before access is given to data 
1 5 encrypted with the key, 

a decryption-key determination unit for using the private data and a received 
encryption key to determine a corresponding decryption key for decrypting data 
encrypted using the encryption key and public data derived from said private data; 
and 

20 - a condition-disking arrangement for enabling output of the decryption key via the 
communications interface only upon the conditions in said policy data being satisfied 
in respect of the requesting entity, 

37* A computing entity according to claim 36, further comprising an audit-trail 
25 arrangement for making an audit record of each output of a decryption key to a requesting 
entity. 

38, A computing entity according to claim 37, wherein the audit-trail arrangement is 
arranged to include in the audit record information about when a decryption key is not 
30 provided because a related policy condition has not been satisfied, this information 
including information about the condition failure. 
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39. A computing entity according to claim 36, wherein a said policy condition relates to 
the second computing entity communicating with the first computing, the second 
computing entity being arranged to effect this communication before providing the 
decryption key to said third computing entity. 

40. A computing entity according to claim 39, wherein the condition is that the second 
computing entity obtain consent from the first computing entity before providing the 
decryption key to the thud computing entity. 



10 
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ABSTRACT 
Privacy Management of Personal Data 

5 

When sending personal data to a recipient (30), the data owner (20) encrypts the data using 
both a public data item provided by a trusted party (40) and an encryption key formed by 
policy data indicative of conditions to be satisfied before access is given to the personal 
data. The encryption key is typically also provided to the recipient (30) along with the 
10 encrypted personal data. To decrypt the personal data, the recipient (30) sends the 
encryption key to the trusted party (40) with a request for the decryption key. The trusted 
party (40) determines the required decryption key using the encryption key and private data 

from which its public data was derived, and provides it to the requesting recipient (30). 

However, the decryption key is not made available until the trusted party (40) is satisfied 
IS that the associated policy conditions have been met in respect of said recipient One 

posslblepolicy condition is that the trusted party (40) must first get confirmation from the 

owner (20) of the personal data before providing the decryption key. Preferably, the trusted 

party (40) keeps a record (47) of the provision of decryption keys 

20 

(Figure 2) 



V 
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<datapackage> 

<cdata C0TOpcment> 



//profile - attribute 1 St related policy 



<policy> 



//DISCLOSURE POLICY 



<Trustfid Authority> 

addr&ss and location of the Trusted Authority 
■i/TruSted Authority> 



irvK 



Preference narne> 

pseudonym! 
</rcferencc name> 
<owaer's dctails> 

encrypted call back address 
<oTviiiftf *s details> 
<Javmcr> 



//owner 

//reference Tiame - IBE public key 



//eacrypte* 1 cali back aj(ldreBS 

//by using the user's reference name 
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nam* o/r&e Mtewrity or profile attribute 
^target? 1 

<Yalidity> 

expiration dale 
<Vvalidity> 

^OBStraiill?* 

reqiiirc_stK>ng_}C509_9nthEnbi:ation 

</condirajrit> 
<constraiilt> 

allow_usaEB_of_dat& - #l 
</constraint> 

<actiDii> 

notifyjowner 
</acticm> 
</policy> 



//policy/attribute name 
//validity 

//constraint? 



//actions 



<eneryptcd data> //ENCRYPTED DATA (Attribute 1) 

encrypted attribute J value, using the above policy as IBE public key 
</enCrypted data> 
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Jl. 



</data eompoiient> 
</data package> 



Figure 3 
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